Digital information governance: selection, organization
27
Digital information governance: selection, organization, long term preservation - module 3 - Pierluigi Feliciati University of Macerata (Italy) Summer School “Digital Tools for Humanists” Pisa, June 11 th 2019
Digital information governance: selection, organization
Overview of Information and Records Governanceterm preservation -
module 3 -
Pisa, June 11th 2019
3. IG program + Retention/Selection/Appraisal -»
Preservation
premise
• Building and maintaining a good Records and Information program
is for definition a long-term practice
• So, we should take as a premise:
• The benefits of a good Records Management System
• Principles for good recordkeeping and maturity model (GARP)
• The importance of Retention, Appraisal and Disposition
• The necessity of an ongoing maintenance program: compliance,
continuous assessement and improvement
Maintaining a RIG program
• The RIG program should be an everyday part of an organization’s
operations and communications.
• It requires vigilant and consistent monitoring and auditing to
ensure that RIG policies and processes are effective and
consistently followed and enforced.
• It also requires an ongoing training and communications program
to keep employees aware of approved processes and behaviors.
Maintaining a RIG program
This goal can not be just a (formal) perspective: • it requires
that someone is accountable for continual monitoring and
refinement of policies and tools
• the executive sponsor for the initial project could become the
chief information governance officer or RIG coordinator, driving
its active improvement
• the organization also may decide to form a standing IG board,
steering committee, or team with specific responsibilities
• A RIG program must be ongoing, dynamic, and aggressive in its
execution in order to remain effective.
Maintaining a RIG program
• The approach to an IG program is similar to that of a vital
records program (those critical business records that an
organization must have to continue operations). Backups of backups
must be built in.
• The redundancies of accountability must be considered, tested,
and implemented. This may mean that when the formal program manager
is unable to execute his or her duties, an assistant or designated
backup can carry out those duties.
• It is also a good idea to cross-train employees. With this
approach, the legal team, for instance, will better understand the
needs and requirements of the records management function, and vice
versa.
Maintaining a RIG program
• Maintaining IG program effectives requires implementing
principles of continuous process improvement (CPI). CPI is a
“never-ending effort to discover and eliminate the main causes of
problems. It accomplishes this by using small-steps improvements,
rather than implementing one huge improvement.”
• Maintaining and improving the program will require monitoring
tools, periodic audits, and regular meetings for discussion and
approval of changes to improve the program.
• It will require a cross section of team leaders from IT, legal,
records management, compliance, internal audit, and risk management
as well as functional business units participating actively.
Why continuously improve IG program?
1. Changing technology. New technology capabilities need to be
monitored and considered with an eye to improving, streamlining, or
reducing the cost of IG. The IG program needs to anticipate new
types of threats and also evaluate adding or replacing technologies
to continue to improve it.
2. Changing laws and regulations. Compliance with new or updated
laws and regulations must be maintained.
3. Internal IG requirements. As an organization updates and
improves its overall IG, the program elements that concern critical
information assets must be kept aligned and synchronized.
Why continuously improve IG program?
4. Changing business plans. As the enterprise develops new business
strategies and enters new markets, it must reconsider and update
its IG program.
5. Evolving industry best practices. Best practices change, and new
best practices arise with the introduction of each successive wave
of technology and with changes in the business environment. The
program should consider and leverage new best practices.
6. Fixing program shortcomings. Addressing flaws in the IG program
that are discovered through testing, monitoring, and auditing; or
addressing an actual breach of confidential information; or a legal
sanction imposed due to noncompliance are all reasons why a program
must be revisited periodically and kept updated.
Long-term preservation and RIG
• Long-term continuity of digital information does not happen by
accident— it takes information governance, planning, sustainable
resources, and a keen awareness of the information technology (IT)
and file formats in use by the organization, as well as evolving
standards and computing trends.
• Digital preservation is the long-term, error-free storage of
digital information, for access, retrieval and interpretation, for
the entire time span the information was selected to be retained by
a designed community (OAIS).
• Digital preservation applies to digital-born content as well as
content converted to digital form.
Long-term preservation and IG
• Some digital information assets must be preserved permanently as
part of an organization’s documentary heritage, documenting its
history and reputation.
• Dedicated repositories for historical and cultural memory, such
as libraries, archives, and museums, act as trustworthy digital
repositories that can match the security controls, and wealth of
management and descriptive metadata similar to those that have been
created for analog assets (such as books and paper records).
Long-term preservation and RIG
• The definition of “long term” comes from the International
Organization for Standardization (ISO) standard 14721 (OAIS), which
defines long-term as “long enough to be concerned with the impacts
of changing technologies, including support for new media and data
formats, or with a changing user community. Long Term may extend
indefinitely.”
• There is the requirement to retain the metadata associated with
records even longer than the records themselves.
• A record may have been destroyed according to its scheduled
disposition at the end of its life cycle, but the organization
still may need its metadata to identify the record, its life cycle
dates, and the authority or person who authorized its
destruction.
Long-term preservation and RIG
• Planning for the proper care of the electronic records selected
to be preserved, protected, and monitored over long periods of time
to ensure they remain authentic, complete, and unaltered and
available into the future is a component of a records management
program and should be integrated into the organization’s RIG
policies and technology portfolio as well as its privacy and
security protocols.
• The capability for ensuring proper access to authentic electronic
records over time (in addition to the challenges of technological
obsolescence), is a sophisticated combination of policies,
strategies, processes, specialized resources, and adoption of
standards.
Threats to Preserving Records
• Failure of storage media.
• Failure of computer systems.
• Component obsolescence.
• Human error.
• Natural disaster.
• The second category relates to open standard technology-neutral
file formats.
• The international standard ISO 14721:2003 , 2012, Space Data and
Information Transfer Systems — Open Archival Information System
(OAIS) is a key standard applicable to LTDP (Long Term Data
Preservation)
OAIS – Open Archives Information System
• The OAIS Reference Model defines an information system as an
archive, consisting of an organization of people and systems that
has accepted the responsibility to preserve information and make it
available and understandable for a designated community, who should
be able to understand the information.
• An OAIS-conforming strategy is the best way to preserve an
organisation’s digital heritage.
• OAIS encapsulates digital objects into information packages,
including the digital object content (a sequence of bits) and
representation information that enables rendering of an object into
human usable information along with preservation description
information (PDI) such as provenance, context, and fixity.
OAIS
• The OAIS Information Model employs 3 types of information
packages: a submission information package (SIP), an archival
information package (AIP), and a dissemination information package
(DIP).
• The OAIS functional model consists of six entities: • Ingest of
SIPs into an archival system
• Archival storage, i.e. storage of AIPs.
• Data management, tracking the use of storage media.
• Administration, technical and human processes like include audit,
policy making, strategy, and provider and customer service
• Preservation planning, a technology watch program for sustainable
standards, file formats, and software
• Access, i.e. creation of DIPS after the query of designated
community
OAIS
• ISO TR 18492 (2005), Long-Term Preservation of Electronic
Document- Based Information provides practical methodological
guidance for the long- term preservation and retrieval of authentic
electronic document-based information, and describes the necessary
strategy to ensure the usability and trustworthiness of electronic
documents, made of media renewal, software dependence, migration,
open standard technology-neutral formats, authenticity protection,
and security.
• ISO 16363 (2012)— Audit and Certification of Trustworthy of
Digital Repositories is the certification standard with the
functional specifications for records producers, records users,
ingest of digital content into a trusted repository, its archival
storage, and digital preserving planning and administration.
PREMIS
• OAIS specifies that preservation metadata associated with all
archival storage activities should be captured and stored in PDI.
This high-level guidance requirement demands greater specificity in
an operational environment.
• A reference standard for preservation metadata creation and
management is PREMIS, an international standard supported by the
Library of Congress and the Research Library Group.
• PREMIS enables designers and managers of digital repositories to
have a clear understanding of the (meta)information required to
support the functions of viability, renderability,
understandability, authenticity, and identity in a preservation
context.
PREMIS version 3
• PREMIS is made of a Framework (=model) and a Data Dictionary,
i.e. a set of semantic units. Each semantic unit is mapped to an
entity that is organized within a simple data model. A semantic
unit can therefore be understood as a property of an entity.
• The 4 entities to consider for digital preservation activities in
PREMIS 3 are:
• Objects (+ Environments),
PREMIS 3 data model
Object (or Digital Object): a discrete unit of information subject
to digital preservation. This can be an Environment (Technology
supporting a Digital Object in some way).
Event: an action that involves or affects at least one Object or
Agent associated with or known by the preservation
repository.
Agent: person, organization, or software program/system associated
with Events in the life of an Object, or with Rights attached to an
Object.
Rights Statement: assertion of one or more Rights or permissions
pertaining to an Object and/or Agent.
PREMIS version 3 – types of Objects
The Object entity has four subcategories: Intellectual Entity,
Representation, File, and Bitstream. An Intellectual Entity is a
distinct intellectual or artistic creation that is considered
relevant to a designated community in the context of digital
preservation: for example, a particular book, map, photograph,
database, or hardware or software. A Representation is the set of
files, including structural metadata, needed for a complete
rendition of an Intellectual Entity (es. HTML page) A File is a
named and ordered sequence of bytes that is known to an operating
system. A Bitstream is contiguous or non-contiguous data within a
file that has meaningful common properties for preservation
purposes.
PaaST - Preservation as a Service for Trust
• Preservation as a Service for Trust (PaaST) (2018) presents
functional and data requirements for digital preservation.
• The requirements reflect the findings of the first and second
InterPARES collaborations that in the digital realm, preservation
of information necessarily extends either to the output of an
information object intended for human use in a form suitable for
human consumption or, in the case of something intended to be run
on a computer, to reloading it on a computational platform.
• PaaST goes over InterPARES findings: 1. its requirements are
applicable to the preservation of virtually any type of digital
information, not just records. 2. the PaaST requirements could
support implementation and even the production of software for
preservation.
PaaST - Preservation as a Service for Trust
(PaaST) defines a comprehensive set of functional and data
requirements that support preservation of digital information
regardless of the technologies used or who uses them.
The requirements are intended to enable authentic digital
preservation in the Cloud; nevertheless, the requirements are valid
in other scenarios as well, including in-house preservation and
situations where digital preservation includes both in-house and
contracted services.
The requirements are formulated with sufficient flexibility to
enable adaptation of the criteria for success to cases where
information objects are not preserved as records.
PaaST - Preservation as a Service for Trust
• The PaaST requirements supplement the Open Archival Information
System (OAIS) Reference Model. As a reference model, OAIS neither
specifies a design or an implementation nor prescribes or even
recommends any specific technology for preservation. PaaST
requirements supplement OAIS in that they are intended to be
directly implementable in software.
• PaaST requirements are empirically oriented, aiming to
accommodate cases that are far from ideal, as well as supporting
best practices.
• The PaaST requirements are neutral with respect to preservation
policies and methods.
PaaST - Preservation as a Service for Trust